United States Patent and Trademark Office 



4 



\ UNITED STATES DEPARTMENT OF COMMERCE 



m. United States Patent and Trademark Office 

f/ Address: COMMISSIONER FOR PATENTS 

\ P.O. Box 1450 

1 Alexandria, Virginia 223 1 3 - 1 450 
www.uspto.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


09/516,430 


03/01/2000 


Richard W. Cheston 


RP9-99-105 


3641 



7590 04/05/2004 

BRACEWELL & PATTERSON, L.L.P. 
INTELLECTUAL PROPERTY LAW 
P.O. BOX 969 
AUSTIN,, TX 78767-0969 



EXAMINER 



VAUGHAN, MICHAEL R 



ART UNIT 



PAPER NUMBER 



2131 

DATE MAILED: 04/05/2004 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 



Application No. 

09/516,430 



Examin r 

Michael R Vaughan 
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2131 



-- Th MAILING DATE of this communication app ars on the cov r shoot with the corrospondonco address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication, 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )I3 Responsive to communication(s) filed on 26 January 2004 . 
2a)[3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 1 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1.7-12 and 18-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) H Claim(s) 1J-12and 18-23 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) K The drawing(s) filed on 26 January 2004 is/are: a)S accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 1 9(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Claims 1, 7-12, 18-23 are pending and claims 2-6 and 13-17 have been 
canceled. 

The drawings have been amended to comply with CFR 1 .84 and consequently 
the objection has been retracted. 

The information disclosure statement filed 9-15-03 fails to comply with the 
provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because Applicant has said that a 
English translation has been supplied but only the abstract of the references has an 
English translation. If the Applicant wants those references considered then a complete 
English translation or at least the relevant sections of those references pertinent to the 
claimed invention must be supplied in a future action. It has been placed in the 
application file, but the information referred to therein has not been considered as to the 
merits. Applicant is advised that the date of any re-submission of any item of 
information contained in this information disclosure statement or the submission of any 
missing element(s) will be the date of submission for purposes of determining 
compliance with the requirements based on the time of filing the statement, including all 
certification requirements for statements under 37 CFR 1 .97(e). See MPEP § 609 
HC(1). 
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Response to Arguments 



Applicant's arguments filed 1-26-04 have been fully considered but they are not 
persuasive. Applicant argues on page 8 that Moy does not include a "unique client 
identifier" with the request for a password hint. Examiner respectfully disagrees. Moy 
discloses in column 4, lines 10-22 that the hint system must obtained the client so that 
the hint system can identify the proper sets of hints to be presented to the user. Moy 
goes on to disclose that the user's identity can be derived from either the terminal 
device or by the user entering user identification. This clearly suggests that the 
password hints are associated to an identifier that identifies the user who needs the 
hint. Both of Moy's methods incorporate using a unique client identifier. In the first 
method the client sends his/her ID, which is then matched with the ID stored on the hint 
system for that user. The Examiner maintains that Moy does suggest sending a unique 
client identifier as part of the request. With respect to Moy's second method, one of 
ordinary skill in the art would know that terminal information such as MAC addresses 
could serve as a unique identifier if the system has been configured in such a way. 
Furthermore when the request is sent to the hint system, it logically follows that if 
incorporated on a network, the MAC address could be part of the data packet. The hint 
system could then extract the MAC address from the packet to determine which user 
was requesting a hint. This teaching is clearly within the scope of Moy's teachings and 
is within the level of ordinary skill in the art at the time of the invention. 
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Applicant argues on page 8 that Guthrie et al (herein Guthrie) present a 
challenge to the user as part of the authentication process, and not "in response to an 
incorrect entry of said primary password". The examiner does not make the claim that 
Guthrie teaches a system that presents a challenge to the user as part of the 
authentication process, and not "in response to an incorrect entry of said primary 
password". Moy teaches a system that presents a challenge to the user as part of the 
authentication process, and not "in response to an incorrect entry of said primary 
password" (column 2, lines 24-35). Examiner maintains that Moy does not explicitly 
teach the use of a separate server, which can present challenges to the user upon 
recognition of incorrect password attempts. Moy teaches a hint system that 
accomplishes. Moy does suggest that the user is using a terminal, which lends itself to 
the notion of being on a network of some type. Guthrie teaches that a server can 
handle the requests of users wishing to login into to the network and can pose 
challenge questions to the user (Fig. 4 and column 7, lines 10-40). One of ordinary skill 
in the art would be motivated by the teaching of Guthrie to embody the system of Moy 
into a client-server system because it would allow one stand alone server to administer 
the logins of many users. 

In response to applicant's argument that the examiner's conclusion of 
obviousness is based upon improper hindsight reasoning, it must be recognized that 
any judgment on obviousness is in a sense necessarily a reconstruction based upon 
hindsight reasoning. But so long as it takes into account only knowledge which was 
within the level of ordinary skill at the time the claimed invention was made, and does 
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not include knowledge gleaned only from the applicant's disclosure, such a 
reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 
1971). 

Claim Rejections - 35 USC ' 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between 
the subject matter sought to be patented and the prior art are such that the 
subject matter as a whole would have been obvious at the time the invention 
was made to a person having ordinary skill in the art to which said subject 
matter pertains. Patentability shall not be negatived by the manner in which 
the invention was made. 

Claims 1, 7-12, and 18-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Moy in view of (USP 5,425,102) in view of Guthrie et al (USP 
6,161,185). 

As per claims 1 and 12, Moy teaches prior to said client computer system 
completing a boot process: 



Application/Control Number: 09/516,430 Page 6 

Art Unit: 2131 

Prompting a user to enter said primary password (FIG. 3); 

Providing an interrogative password method in response to an incorrect entry of 
said primary password, said primary password being recoverable by said client 
computer system utilizing said interrogative password method prior to said client 
computer system completing said boot process (column 2, lines 10-35). 

Moy is silent in expressly disclosing a server recovering a primary password. 
Guthrie teaches a server recovering a primary password for a client [57], It would have 
been advantageous for a server to control password distribution because servers a 
typically more secure than client stations. Servers are easily accessible to network 
administrators and have access over the clients. The ability to recover a password at 
the server would relieve an administrator from having to visit each client in the advent of 
needing to recover a password. 

In view of this, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to employ the teaching of Guthrie within the system of Moy 
because it would save on the time needed to get a client back up and operational. One 
skilled in the art would have been motivated to generate the claimed invention with a 
reasonable expectation of success. 

Moy teaches the step of providing said interrogative password method including 
a question and correct answer pair (column 2, lines 10-35). 

Moy teaches further comprising the step of recovering said primary password 
from said server computer system in response to a successful completion of said 
interrogative method (column 2, line 35). 
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Moy teaches displaying said question included within said interrogative method 
utilizing said client computer system in response to an incorrect entry of said primary 
password (column 2, lines 10-35) and prompting a user to enter an answer to said 
question, wherein an entry of said correct answer will successfully complete said 
interrogative method (column 2, lines 10-35). 

Moy teaches establishing a unique client identifier (column 4, lines 19-27) and 
storing said questions and said correct answer together with user identifier in memory. 
Moy is silent in expressly disclosing storing said question and said correct answer 
together with said unique client identifier in said server. Guthrie teaches storing said 
password with said unique client identifier in said server (claim 13). The examiner 
supplies the same rationale for the motivation as recited in the rejection of claim 1 to 
incorporate a server within the system of Moy. 

Moy teaches transmitting a request for said question utilizing said client computer 
system in response to an incorrect entry of said primary password, said request 
including said unique client identifier (column 2, lines 20-31). Moy is silent in expressly 
disclosing transmitting the question utilizing said server computer system in response to 
a receipt of said request. Guthrie teaches utilizing said server computer system in 
response to a receipt of said request (column 4, lines 15-23). The examiner supplies 
the same rationale for the motivation to incorporate a server within the system of Moy. 

As per claims 7 and 18, Moy teaches transmitting a proposed answer to said 
question utilizing said client computer system to determine whether said proposed 
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answer is correct (column 2, 20-31). Moy is silent in expressly disclosing utilizing said 
server to determine whether said proposed answer is correct. The examiner supplies 
the same rationale for the motivation as recited in the rejection of claim 1 to incorporate 
a server within the system of Moy. 

As per claims 8 and 19, Moy teaches the step of prior to executing said 
interrogative password method, permitting a user to initially supply said questions and 
correct answer pair (column 4, lines 65-67). 

As per claims 9 and 20, Moy teaches the step of prohibiting access to said client 
computer system by prohibiting transmission of said primary password in response to 
said proposed answer being unequal to said correct answer (column 4, lines 52-55). 

As per claims 10 and 21 , Moy teaches the step of completing said boot process 
in response to said client computer system receiving said primary password from said 
server (column 4, lines 59-60). 

As per claims 1 1 and 22, Moy is silent in expressly disclosing the step of 
encrypting transmissions between client and server utilizing an encryption key pair 
method. Moy discloses the importance of using an encryption key pair to insure the 
security of data (column 1 , lines 37-53). Encrypting data prevents the data from easily 
being read in the advent of it being intercepted or stolen. Therefore, it would be 
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advantageous to encrypt all sensitive data. Guthrie teaches the step of encrypting 
transmissions between client and server (column 3, lines 10-12). In view of this, it 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made to employ the teaching of Guthrie within the system of Moy because it would 
allow the server to client to communicate without sending any plaintext, thus improving 
the security of the system. One skilled in the art would have been motivated to 
generate the claimed invention with a reasonable expectation of success. 

As per claim 23, refer to the rejections of claims 1 2 and 1 8-22 to reject all of the 
limitations of claim 23. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael R Vaughan whose telephone number is 703- 
305-0354. The examiner can normally be reached on M-F 7:30-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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Michael R Vaughan 

Examiner 

Art Unit 2131 
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